Extensive and Damaging Sabotage by Employee at Tesla

Organisations should fully test all code and track employee changes, based on a bug tracking system or changelog

On Monday, Tesla’s CEO Elon Musk warned employees via a company-wide email that an employee had admitted to conducting corporate sabotage, and a potentially suspicious fire had broken out in its factory’s body-shop on Monday.

Musk’s first email stated that an employee had conducted “quite extensive and damaging sabotage to our operation.” The message, first reported by CNBC, also said that the person used false credentials to manipulate Tesla’s manufacturing software, as well as exporting highly sensitive Tesla data to unknown third parties.

Thomas Richards, associate principal consultant at Synopsys' Software Integrity Group, said:  "Internal threats can produce a great deal of damage as they are already inside your company and authorised to access sensitive company data and assets. To counter any internal threats, organisations should fully test all code and track employee changes, based on a bug tracking system or changelog. This provides answers to questions such as ‘did the person carry out what was required to resolve the issue at hand?’

"Although companies need to inherently trust their employees, all work should still be monitored and verified before code can enter production. Any unnecessary or unusual access to code and resources should be investigated.  All login attempts both successful and not successful should be monitored and reviewed for inconsistencies.

"Sensitive data, including code or other organisational assets, should also be protected and segmented from general access inside the environment.  Additionally, workstation controls should be put in place to prevent employees from moving data onto removable media. Account creation and authorisation should be handled by a centralised group, who will vet and verify requests for account creation and access."

Thomas Nuth, director at Nozomi Networks, added: "The recent allegations of internal sabotage from an employee of Tesla highlights the need for real-time visibility and cybersecurity at all areas of critical operations. In the case of Tesla, reports allege that internal sabotage led to multiple fires within the painting of the Model 3, production inefficiencies leading to ramp up failures and possible IP leakage to external organisations.

"At Nozomi Networks we believe operational and cyber vigilance is as important for managing internal threats as it is against external threats.”


Tags assigned to this article:
code employee changes bug tracking system changelog tesla

Advertisement

Around The World